social network

Bank robbery in the era of crypto-currency

The largest digital exchanger Coinbase was subjected to large-scale attacks, calling into question the security of the currency exchange.

Photo by The New York Times

In March 2017, American Sean Everett sold all of his shares to Apple and Amazon. He transferred the proceeds to bitcoins and the etherium with the help of a large coinexchange exchange Coinbase . In late spring, prices for crypto-currencies rose high enough that Everett began planning to launch his own start-up. But on May 17 the situation changed dramatically: someone hacked his email and deduced several thousand dollars from his account.

Everett was not the first injured user of Coinbase. Since early 2017, hackers have been removed from the stock exchange, which used to be considered the most reliable, millions of dollars. This situation raised the issue that every year more and more people are worried about – how to preserve the crypto-currency savings in the world where specialists and special services are powerless against hackers. The story of the ups and downs of Coinbase was told by Fortune journalist Jen Vektsner.

What kind of exchanger is this?

Coinbase was founded in San Francisco in 2012. It is available in 32 countries. This is the largest exchange platform for crypto currency in the world, which until recently was the most reliable digital bank. For five years of work, hackers could not find flaws in its defense system. The creation of the exchange is 34-year-old Brian Armstrong – a former Airbnb engineer who wanted to launch “Gmail from the world of crypto-currencies”.

Prior to the appearance of digital exchanges, the owners of crypto-currencies had to store a 64-digit number, which provided access to the conditional bitcoin. Armstrong came up with a system that stores the accumulation of clients with passwords in their accounts.

A convenient platform quickly attracted people. The current audience of Coinbase totals 9 million customers, they store 3 billion dollars on the exchange and have already exchanged 25 billion dollars with the help of the service. Despite such popularity, the authorities of different countries have not yet found ways to influence the site. Actions of the authors of the exchange are not regulated by banking laws or laws on consumer rights.

Hacking in Coinbase

“Coinbase is the largest US bank in JPMorgan from the world of blockbuster,” the venture investor Fred Wilson described the exchange. And like any large bank, a crypto currency exchange also attracts robbers. The exact number of hacked customers is unknown – according to Fortune, in some months hacking occurred daily. Wilson himself once almost became a victim of hackers, in time blocking an unwanted transaction.

Sometimes attackers attack people, on account of which only a few thousand dollars. In other cases, the amount of stolen funds is 18 thousand dollars or more. This indicates that hackers do not have a ready list of victims. They attack at random.

The source Fortune in Coinbase said that in total hackers stole from the exchange customers $ 5 million. Hacking took place according to the following scheme: attackers hunted down people working in the industry of crypto-currencies, or often mention bitcoin in social networks. They recognized the victim’s email address and telephone number, having studied all of her past publications or accidental leaks on the Internet.

Head of Coinbase Brian Armstrong. Photos Fortune
Then the hackers contacted the mobile provider of the attacker, dictated to the employee the number of the victim and asked them to remind them of the PIN. If the employee of the company agreed to disclose the code without additional verification, the attackers registered the victim’s number on the phone controlled by him using a PIN-code .

Since often the phone number is tied to e-mail, hackers requested to restore the access code and opened the mail. Then they used the account recovery function in Coinbase, the data about which came to the hacked mail, and logged in the system. After the hackers withdrew the currency to their own account. For added security, they missed the stolen through several exchangers in order to cover up the tracks, and only then cashed out the funds.

Investigations of thefts are carried out by experts of the research agency Chainalysis. In the past, they found the perpetrators of several major crypto-currency crimes, but in Coinbase they do not have any leads yet. The search for hackers can take years. Since attacks are of a point nature, it is difficult to attract US intelligence services to the investigation.

Experts believe that the situation can change if the FBI continues to receive complaints of robbery. Or if it will be proved that a professional grouping hides behind hacking. So far this is only an assumption.

But even if hackers are arrested, victims can never get money back.

Scope of the problem

The system of Coinbase and other digital exchanges is based on the blockbuster , so the robbed customers can not ask the firm to return funds from the hacker’s account, as it would have happened in a traditional bank. This action is contrary to the principles of the crypto currency. This means that no one, not even a state security service, can influence an illegal transaction without destroying the whole system.

According to the FBI, in 2016, hackers stole $ 28 million from individuals in a crypto currency equivalent. This is three times more than a year earlier.

At first glance, digital banks act like their real counterparts. They store and exchange millions of dollars every day, but their protection system more and more alarms big investors and ordinary users every day.

The head of Coinbase said that they are upgrading and closing the hole in the system after each new hacking. Additional protection is provided by the functions of the block and two-stage authorization with the indication of the client’s mail. But Armstrong admits that the protection system requires improvements.

Formally, crackers did not violate the principles of blocking, because they simply transferred users’ funds through their accounts. Therefore, they can not be tracked by standard rules. In fact, it’s a tricky, albeit primitive way to get around the blockade.

What will happen to Coinbase next

Now Coinbase employs about 180 people, but they can not cope with the number of client requests. The company does not even have a phone support, it is planned to register it in September. And hire 100 more people to help. Probably, this is due to the company’s new concern – the consequences of bitcoin hardfork.

On August 1, the most popular crypto currency was divided into two because of community disagreements. The new currency is called Bitcoin Cash and is already rapidly gaining weight. Now the cost of the new bitcoin is 664 dollars. For comparison, the cost of the etherium, the second most popular crypto currency, is321 dollars.

Vitalik Buterin, creator of the crypto currency etherium, popular with customers of Coinbase. Photos Fortune
Initially, the management of Coinbase refused to recognize the new currency because of technical difficulties. A few hours after this statement, the customers flooded the company with complaints, overloaded the server and promised to sue. Against the backdrop of a growing scandal, the management of the exchange had to give in: in 2018 Bitcoin Cash will be available in Coinbase.

But if only time and money are needed to increase the staff and integration of the new bitcoin, then the threat of further hacking requires more serious efforts. Major hacker hacking is not the first time hitting the crypto currency exchange. In 2014, the promising MT.Gox exchange closed after hackers stole more than $ 500 million from the site. In the summer of 2016, cybercriminals took out $ 72 million of crypto-currencies from the Bitfinex site in Hong Kong , causing the creators to temporarily halt its work.

This can also happen with Coinbase, if instead of single hits on clients hackers will risk a large-scale hacking. Any such attack threatens the reputation of the entire block system, so the future of Coinbase depends on the modification of the defense protocols.

Back to top button